This file lists the major changes made between Owl releases. While
some of the changes listed here may also be made to a stable branch,
the complete lists of stable branch changes are included with those
branches and as errata for the corresponding Owl releases only.
This is very far from an exhaustive list of changes. Small changes to
individual packages won't be mentioned here unless they fix a security
or a critical reliability problem. They are, however, mentioned in
change logs for the packages themselves.
Changes made between Owl 1.0 and Owl 1.1.
2003/12/19 kernel
Updated to Linux 2.4.23-ow2.
2003/12/12 -
2003/12/16 Package: lftp
SECURITY FIX Severity: high, remote, passive
Updated to 2.6.10 fixing a buffer overflow vulnerability in the HTTP
directory listing parsing code discovered by Ulf Harnhammar. The
vulnerability could allow a malicious HTTP server to execute arbitrary
code on the client system. Additionally, a patch by Nalin Dahyabhai
of Red Hat needed to handle malformed HTTP server responses gracefully
has been added.
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0963
2003/12/08 Package: glibc
Sanity check the forward and backward chunk pointers in the unlink()
macro used by Doug Lea's implementation of malloc(3). If the pointers
are determined to have been overwritten, the process will be forced to
terminate thereby reducing the impact of a common class of attacks on
memory overwrite vulnerabilities present in various applications.
Credit for the idea for this countermeasure is due to Stefan Esser.
2003/11/29 kernel
SECURITY FIX Severity: high, local, active
Updated to Linux 2.4.23-ow1. Linux 2.4.23 includes a fix to a
vulnerability in the brk(2) system call discovered by Andrew Morton
which allowed user-space processes to access the kernel's data
structures and thus gain root access. Linux 2.2.x kernels are not
affected. The Linux 2.4.22-ow1 kernel image used in Owl-current ISO
images and CDs dated 2003/10/20 through 2003/11/03 did contain the
additional brk(2) fix and thus is not affected. However, that fix is
not a part of the published Linux 2.4.22-ow1 source code patch meaning
that custom builds of Linux 2.4.22-ow1 are affected and need to be
upgraded to 2.4.23-ow1. Additionally, this update of the kernel patch
makes the reporting of returns onto stack more verbose and makes the
kernel retry attempts to open the root filesystem device if the first
attempt fails.
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0961
2003/11/29 Package: gnupg
SECURITY FIX Severity: medium, remote, passive
Added a patch by David Shaw to disable the ability to create
signatures using the ElGamal sign+encrypt (type 20) keys as well as to
remove the option to create such keys.
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0971
2003/11/22 Package: iproute2
SECURITY FIX Severity: low, local, passive
Added a patch from Herbert Xu of Debian to prevent a local denial of
service attack on iproute2 utilities via spoofed Netlink messages.
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0856
2003/11/06 Package: openssl
Updated to 0.9.6l. The added bug fix is believed to be not security
related on Linux.
2003/10/26 Packages: nmap, owl-etc
Added a reduced version of the drop privileges patch from ALT Linux.
Nmap, when run as root, will now switch to pseudo-user nmap retaining
only raw socket access (CAP_NET_RAW) and, if option -n is given, also
chroot to /var/empty.
2003/10/26 Packages: libcap, vsftpd
New package: libcap, a library for dealing with POSIX.1e capabilities.
vsftpd has been updated to 1.2.1pre1 and now uses libcap.
2003/10/24 Packages: owl-cdrom, openssh;
Owl/build/{installworld.{sh,conf},installorder.conf}
Support special installs for Owl bootable CDs with "MAKE_CDROM=yes" in
installworld.conf.
2003/10/20 kernel; Package: owl-cdrom
Updated to Linux 2.4.22-ow1.
2003/10/18 Package: libnids
SECURITY FIX Severity: none to high, remote, active
Updated to 1.18 which fixes incorrect buffer memory reallocation (and
thus a possible buffer overflow) in TCP stream reassembly which may be
remotely exploitable into arbitrary code execution. This does not
affect applications that are currently a part of Owl (scanlogd does
not use libnids' TCP stream reassembly capability), but a number of
other applications such as those in dsniff toolkit are affected. The
vulnerability has been discovered by Robert Watson.
Reference:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0850
2003/10/12 -
2003/10/17 Packages: iproute2, iputils
Updated iproute2 to snapshot ss020116, iputils to ss020927, and
corrected builds with Linux 2.4.22+.
2003/10/11 Package: nmap
Updated to 3.48 which adds service version detection.
2003/10/01 Package: openssl
SECURITY FIX Severity: low, remote, active
Updated to 0.9.6k. This version corrects an out of bounds read in
ASN.1 parsing code, a crash in the public key verification code if it
is set to ignore decoding errors (which is normally done for debugging
purposes only), and an SSL/TLS protocol handling error which would
cause the server to parse a supplied client certificate even if one
wasn't requested. The problems were discovered due to NISCC's SSL/TLS
test suite.
References:
http://www.openssl.org/news/secadv_20030930.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0543
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0544
2003/09/29 Package: raidtools
New package: tools for creating and maintaining software RAID devices.
2003/09/17 Package: openssh
SECURITY FIX Severity: medium, remote, active
Multiple memory management errors have been discovered in OpenSSH, and
this update corrects 6 such real or potential errors based on an
exhaustive review of the OpenSSH source code for uses of *realloc()
functions. At this time, it is uncertain whether and which of these
bugs are exploitable. If exploits are possible, due to privilege
separation, the worst direct impact should be limited to arbitrary
code execution under the sshd pseudo-user account restricted within
the chroot jail /var/empty, or under the logged in user account.
Reference:
http://www.openssh.com/txt/buffer.adv
2003/08/24 -
2003/09/15 Package: john
Added an event logging framework.
2003/09/09 -
2003/09/14 Packages: dhcp, owl-etc
New package: the ISC Dynamic Host Configuration Protocol (DHCP)
distribution. The DHCP server and relay programs have been modified
to run with reduced privileges and are now a part of Owl. The DHCP
client is not officially a part of Owl yet and it is not built with
Owl by default.
2003/08/25 -
2003/09/12 Package: xinetd
Updated to 2.3.12.
2003/08/20 -
2003/08/22 Packages: iptables, ipchains
New package: iptables, tools for managing Netfilter/iptables packet
filtering rules with Linux 2.4.x kernels.
2003/08/02 -
2003/08/10 Packages: glibc, pam, sysklogd
LFS (Large File Support) corrections to glibc on SPARC, pam_limits,
and syslogd. LFS will only work when Owl userland is built against
Linux 2.4.x kernel headers and a Linux 2.4.x kernel is booted.
2003/07/25 Packages: prtconf, owl-dev
New package: prtconf, utilities to dump and modify SPARC OpenPROM.
2003/07/22 Package: pam
SECURITY FIX Severity: none to medium, local, active
Patched pam_wheel to never rely on getlogin(3), even if use_uid is not
specified. The default /etc/pam.d/su on Owl doesn't use pam_wheel,
and, after "control su wheel", uses it with use_uid. This change was
only needed to make other local configurations with pam_wheel safe.
2003/07/21 Package: openssh
SECURITY FIX Severity: none to medium, local, active
VerifyReverseMapping is now deprecated and replaced with a new option,
UseDNS, which is enabled by default. This should solve the client
address restriction circumvention attack discovered by Mike Harding.
Reference:
http://marc.info/?l=bugtraq&m=105483785212424
2003/07/04 Package: perl
RELIABILITY FIX: Corrected the Perl getpwent() to not rely on
getspent(3) returning entries in the same order as getpwent(3) does;
this actually makes a difference with /etc/tcb and likely with
non-files password databases.
2003/06/12 Package: stmpclean
RELIABILITY FIX: Updated to 0.3 which will refuse to run on relative
pathnames. The previous version would interpret relative pathnames in
a way most people wouldn't expect potentially removing files outside
of the intended directory trees.
2003/06/02 Packages: nmap, libpcap
New package: Nmap, a network exploration tool and security scanner.
2003/06/02 Package: openssh
Updated to 3.6.1p2. When we know we're going to fail authentication
for reasons external to PAM, pass there a hopefully incorrect password
to have it behave the same for correct and incorrect passwords.
2003/06/02 Package: lftp
Updated to 2.6.6.
2003/05/23 -
2003/05/29 Packages: owl-etc, glibc, SimplePAMApps, openssh,
owl-setup, shadow-utils, rpm;
Owl/build/installorder.conf
tcb is now the default password shadowing scheme and, when updating
existing installs, automatic conversion to tcb is attempted.
2003/05/11 -
2003/05/15 Package: gnupg
SECURITY FIX Severity: medium, remote, passive
Updated to 1.2.2, fixing the key validity bug.
References:
http://marc.info/?l=bugtraq&m=105215110111174
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0255
2003/05/05 Package: acct
Support /dev/pts in lastcomm(1).
2003/04/27 -
2003/05/01 Package: cvs
New package: a version control system. This is CVS 1.11.5 with many
corrections.
2003/04/27 Packages: msulogin, SysVinit, owl-startup
New package: msulogin, our implementation of sulogin(8) with support
for having multiple root accounts on a system.
2003/04/23 Package: SysVinit
Updated to 2.85 which includes most of our old patches plus quite a
few from ALT Linux, including to make wall(1) not trust utmp contents
more than it has to (this prevents a group utmp -> root attack).
Added more patches from ALT and Red Hat Linux, including for alternate
program executable matching in start-stop-daemon and pidof(8) such
that processes may be located even after their executables could have
been unlinked. This should make no difference for packages in Owl,
but may help lame third-party packages which attempt to stop their
daemon processes after having replaced the programs on disk.
2003/04/17 -
2003/04/18 Packages: tcb, openssh, popa3d, screen, shadow-utils,
SimplePAMApps, vsftpd
pam_tcb now implements proper fake salt creation for non-existent or
password-less accounts to reduce timing leaks. OpenSSH will now run
PAM with password authentication even for non-existent or not allowed
usernames.
2003/04/17 Packages: console-tools, kbd, man-pages, owl-setup
console-tools has been replaced with kbd.
2003/04/16 Package: xinetd
Updated to 2.3.11.
2003/04/15 Package: SimplePAMApps
Imported ALT Linux patches, most importantly replacing command line
parsing in su(1) such that it will better match the behavior of other
implementations.
2003/04/14 Package: util-linux
Updated to 2.11z.
2003/04/12 Packages: pam_userpass, openssh, popa3d, screen,
shadow-utils, vsftpd;
Owl/build/installorder.conf
Moved the common pam_userpass PAM conversation function into a
library, libpam_userpass (both shared and static versions are built).
This is due to work by Dmitry V. Levin of ALT Linux.
2003/04/12 Package: openssl
SECURITY FIX Severity: medium, remote, active
Updated to 0.9.6j which adds two security fixes. One of the fixes is
to enable RSA blinding (a technique to avoid information leaks via
timing with RSA encryption), without an application having to request
it explicitly, despite the small performance impact this has. The
other is to prevent the Klima-Pokorny-Rosa attack on RSA in SSL/TLS.
References:
http://www.openssl.org/news/secadv_20030317.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0147
http://www.openssl.org/news/secadv_20030319.txt
http://eprint.iacr.org/2003/052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0131
2003/04/08 Package: openssh
Updated to 3.6.1p1.
2003/04/02 Package: mktemp
Updated to 1.5.
2003/03/26 Package: mutt
SECURITY FIX Severity: high, remote, passive
Updated to 1.4.1. This version fixes a buffer overflow vulnerability
in Mutt's IMAP client code which could result in arbitrary code
execution if Mutt is used to connect to a malicious or spoofed IMAP
server. The vulnerability has been discovered by Diego Kelyacoubian,
Javier Kohen, Alberto Solino, and Juan Vera of Core Security
Technologies, and fixed by Edmund Grimley Evans.
References:
http://www.coresecurity.com/content/vulnerability-in-mutt-mail-user-agent
http://marc.info/?l=bugtraq&m=104818814931378
http://marc.info/?l=bugtraq&m=104812904712828
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0140
2003/03/23 Package: glibc
SECURITY FIX Severity: none to high, remote, active
Included Red Hat's back-port of the Sun RPC XDR integer overflow
fixes from glibc CVS. The fixes are by Paul Eggert and Roland
McGrath, and the xdrmem_getbytes() integer overflow has been
discovered by Riley Hassell of eEye Digital Security. Please note
that Owl does not include any RPC services (but it does include a few
RPC clients). It has not been fully researched whether an Owl install
with no third-party software added is affected by this vulnerability
at all.
References:
http://www.kb.cert.org/vuls/id/516825
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0028
2003/03/20 kernel
SECURITY FIX Severity: low to high, local/remote, active/passive
Updated to Linux 2.2.25-ow1. Linux 2.2.25 fixes the kmod/ptrace race
condition vulnerability discovered by Andrzej Szombierski. The
vulnerability could result in a local root compromise if the kernel is
built with support for auto-loading modules (CONFIG_KMOD) and the path
to a module loader program is specified in /proc/sys/kernel/modprobe.
It is recommended that you not enable or use kmod, for both security
and reliability reasons. The kernels used on Owl CDs have never been
built with support for kmod. Owl startup scripts, unlike those used
on some other distributions, don't setup a path to modprobe with the
kernel. This version of the kernel also corrects "Etherleak" issues
with a number of Ethernet drivers (a common class of vulnerabilities
publicized by Ofir Arkin and Josh Anderson of @stake) and a local DoS
vulnerability with mmap(2) of /proc//mem files discovered by
Michal Zalewski of BindView. Linux 2.2.25-ow1 patch makes the added
RLIMIT_NPROC enforcement also work for 32-bit syscalls on sparc64
(thanks to Brad Spengler for noticing that this was missing).
References:
http://marc.info/?l=linux-kernel&m=104791735604202
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0127
http://www.kb.cert.org/vuls/id/412115
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0001
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1380
2003/03/16 Package: man
Updated to 1.5l. This version fixes a bug discovered by Jack Lloyd
where a specially crafted man page would result in an attempt to
execute a program named "unsafe". This is only a security issue if
untrusted directories are present in $PATH, which should not be the
case.
References:
http://marc.info/?l=bugtraq&m=104740927915154
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0124
2003/03/15 Package: vim
Updated to 6.1 patchlevel 386. This includes a fix for Georgi
Guninski's discovery of a particular way to abuse vim's modelines to
execute arbitrary shell commands from a specially crafted text file
when it is loaded into vim and to bypass vim's restricted mode. Note
that vim's modelines have always been disabled on Owl by default (with
a setting in /usr/share/vim/vimrc) and even this fix is no guarantee
modelines will be safe to use or the restricted mode safe to rely upon
in the future.
References:
http://www.guninski.com/vim1.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1377
2003/03/02 -
2003/03/10 Package: popa3d
Rate-limit the "sessions limit reached" log message similarly to the
per-source one; spotted by Michael Tokarev. Ensure proper logging of
abnormally terminated sessions: distinguish server failures from
external modification to the mailbox by other instances of popa3d or
other MUAs. Previously, if external mailbox modification would occur
during processing of a RETR command, popa3d could improperly log a
"server failure" (0.6) or even a "premature disconnect" (older
versions). Added the -V option to print out version information.
Started maintaining a non-package-specific popa3d change log due to
popular demand, added a separate file with contact information.
2003/03/07 Package: file
SECURITY FIX Severity: medium to high, local, passive
Updated to 3.41, which fixes a buffer overflow vulnerability in
file(1). The overflow could be triggered by an invalid ELF binary
and, with a specially-crafted fake ELF binary, would result in
execution of arbitrary code.
2003/02/25 Package: zlib
Corrected a potential buffer overflow in gzprintf(), thanks to Bugtraq
postings by Crazy Einstein, Richard Kettlewell, and Carlo Marcelo
Arenas Belon.
2003/02/24 Package: libutempter
Updated to 1.1.1 for a signal handling fix.
2003/02/20 Package: openssl
SECURITY FIX Severity: medium, remote, passive
Updated to 0.9.6i. This version adds a security fix to minimize
information leaks via timing, by performing a MAC computation even if
incorrect block cipher padding has been found. The leaks could be
triggered and exploited in a man-in-the-middle attack, where the
attacker has to play an active role, yet relies on many actions and
properties of the SSL/TLS client to succeed. This weakness will be
demonstrated in an upcoming paper by Brice Canvel (EPFL), Alain
Hiltgen (UBS), Serge Vaudenay (EPFL), and Martin Vuagnoux (EPFL,
Ilion).
References:
http://www.openssl.org/news/secadv_20030219.txt
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0078
2003/02/20 Package: popa3d
Approached another stable release, 0.6. The recent changes are
limited to minor bug fixes (documented in the package change log), so
this release is of more importance to uses on non-Owl.
2003/01/20 Package: mutt
New package: a feature-rich text-based mail user agent. Our initial
package is based on Mutt 1.4i with many temporary file handling fixes.
2003/01/18 Package: xinetd
Updated to 2.3.10.
2003/01/10 -
2003/01/17 Package: dialog
Updated to 0.9b-20020814 with a patch needed for RSBAC administration
tools. Corrected unsafe temporary file handling in the samples.
2003/01/17 Packages: utempter, libutempter, rpm, screen
Red Hat's utempter has been replaced with ALT Linux's libutempter
package, which features an improved API while still supporting the
old one for compatibility. rpm has been enhanced to support symbol
versioning with automatic dependencies on libraries other than glibc
(packages which depend on libutempter's new API will use this), and
screen switched to the new API.
2003/01/12 Package: diffstat
Updated to 1.32.
2003/01/08 Package: owl-control
Added control(8) and control-dump(8) manual pages.
2003/01/07 Package: hdparm
Updated to 5.3.
2002/12/29 Package: nc
New package: ported netcat from OpenBSD (post-3.2). netcat (nc) is a
simple utility for reading and writing data across network, using TCP
or UDP.
2002/12/19 Packages: tcp_wrappers, openssh, xinetd
Handle error conditions with tcp_wrappers' table matching, patch from
Steve Grubb.
2002/12/17 Package: rpm
Added rpminit(1), a script to setup a set of private directories for
building RPM packages as the current user. Changed the default rpmrc
to use more optimal flags for our gcc (note that builds of Owl itself
use a different set of optimization flags anyway).
2002/12/14 Package: libnids
Updated to 1.17.
2002/12/12 Package: openssl
Updated to 0.9.6h.
2002/12/09 kernel
Updated to Linux 2.2.23-ow1.
2002/12/05 Owl/doc/TODO
New file: a public Owl TODO list. Its primary purpose is to give some
ideas of how one may contribute to Owl development.
2002/10/24 -
2002/12/01 Package: owl-startup
Set net.ipv4.icmp_echo_ignore_broadcasts = 1 to prevent the use of Owl
boxes for "smurf" attacks even when proper packet filters aren't in
place (suggested by Steve Olszewski). Set net.ipv4.tcp_syncookies = 1
to defeat SYN flood attacks. Documented (in /etc/sysctl.conf) the
security risk of having SYN cookies enabled with certain packet filter
setups.
2002/11/27 kernel
SECURITY FIX Severity: medium, local, active
Updated to Linux 2.2.22-ow2 which improves the "lcall" DoS fix for the
Linux kernel to cover the NT (Nested Task) flag attack discovered by
Christophe Devine.
2002/11/08 Package: glibc
RELIABILITY FIX: Made the x86 assembly code implementing bcrypt
password hashing reentrant (this time for real), made it more careful
about overwriting sensitive data. At the same time, the default
/etc/nsswitch.conf file has been cleaned up and improved.
2002/11/07 Owl/doc/MIRRORING
New file: instructions for those who would like to setup and maintain
an Owl mirror, official or not.
2002/11/05 Package: hdparm
Updated to 5.2.
2002/11/03 Packages: owl-control,
iputils, openssh, postfix, shadow-utils, SimplePAMApps,
traceroute, util-linux, vixie-cron
Keep owl-control settings over package upgrades (and thus over "make
installworld" runs as well). Some of the owl-control scripts updates
have been imported back from ALT Linux.
2002/10/21 -
2002/10/24 Packages: shadow-utils, tcb
Merged enhancements which remove the 32K users limit when /etc/tcb is
in use, documented them in tcb(5) and login.defs(5) manual pages.
Modified the tcb_chkpwd helper binary interface to support multiple
users per UID (the username is now passed as well). Most of this was
prepared by August but delayed until after Owl 1.0 release.
$Owl: Owl/doc/CHANGES-1.1,v 1.110.2.1 2011/09/07 07:23:57 solar Exp $